Painless Restore

I’ve spoken with network administrators who shared horror stories about calamitous results from seemingly simple modifications to Active Directory. Sometimes, these changes sent them scurrying for the most recent System State backup and tattered notes from their MCSE training days on how to restore AD. I recently heard about an administrator “friend” who, while attempting to give users the ability to log on locally, actually denied users from logging in at all (and set this in the Default Domain Policy). What followed was a lengthy (and expensive) phone call with a Microsoft support professional. Of course, the worst effect was the entire day of downtime. Had this administrator used Aelita’s ERDisk for Active Directory 6.5, the horror story would have been a testimonial for how this product saved him many hours of grief.

I installed ERDisk for Active Directory in a Windows 2000 test domain
I knew I’d be modifying. As usual with products I review, I read the online
help to familiarize myself with the interface and tasks I could perform.
Within a few minutes, I knew exactly what I needed to do and how to do
it. ERDisk for Active Directory is a backup and recovery tool, so the
first step was to make a backup of my domain controller prior to making
the simulated, undesirable changes to various user and Group Policy Objects.
The main ERDisk console has all of its tasks easily accessible in the
right-pane view (see figure). I clicked on the Create System State Backup
task and was presented with a wizard that stepped me through each phase
of the selection process. I was glad to see settings for bandwidth and
CPU-throttling for the agent installed on the target systems. I let the
backup job begin and, in less than three minutes, it was complete.

ERDisk's console makes all of its tasks easily
accessible in the right-pane window. (Click image to view larger version.)

As a comparison, I walked through the Windows 2000 Backup (NT Backup) application, choosing a System State backup of the same domain controller. For a single, interactive backup session, NT Backup is more informative about what’s going on, listing every file being backed up and an estimated time of completion. ERDisk simply shows that the task is executing and gives a status when complete.

Both applications have logging abilities. ERDisk can log to a text file; the Event Viewer’s Application Log; or to Aelita Journal, a companion application for viewing log output. The main plus for ERDisk is that the created backup file was nearly 100MB smaller than NT Backup’s.

Having confirmed the successful backup of my System State (which included AD objects), I was ready to play, “I wonder what this Group Policy setting does?” Prior to backup, I created a user named “GoodOleUser.” Before running through the restore, I deleted this user. I also modified the Default Domain Group Policy to give only administrators the ability to change the system time, log on as a batch job and generate security audits. My goal was to restore GoodOleUser and put Group Policy back to its default state, without the problematic changes.

ERDisk has numerous restore options that allow remote, online restoration of individual objects in AD, such as single or multiple users. For Group Policy Objects, the restore was able to tell me that there were differences in the backup Group Policy and the live Group Policy—but I didn’t see what these differences were. With the Restore Wizard, I was able to compare everything before I made the changes and was presented with reports showing what I was about to do. After completing the two Restore Wizards—Online Restore and Group Policy Restore—I verified that my user was restored and my domain policy was set to default.

ERDisk provides key functionality that’s either lacking or missing in Win2K utilities and procedures for restoring systems, specifically domain controllers and AD. The ability to have a central repository of backups and to remotely restore online systems granularly makes ERDisk a money saver. In the event of a catastrophic failure, ERDisk has myriad powerful features, such as a recovery boot diskette and CD.

Aelita will soon be releasing ERDisk for Active Directory version 6.7, which supports AD enhancements in Windows 2003. These new features—such as the ability to restore replicas from backup and added support for application partitions—add further timesaving value. Version 6.7 should be released by the time you read this.

I recommend ERDisk to anyone who has ever gone through restoring AD with
standard tools like Ntdsutil—or anyone who ever will.

About the Author

Rodney Landrum is an MCSE working as a data analyst and systems engineer for a software development company in Pensacola, Florida. He has a new book from Apress entitled ProSQL Server Reporting Services.